Tuesday, February 28, 2017

British Sell-A-Con

The world was a bit simpler when I was a kid. I was brought up in Stafford, which is in the West Midlands. Which meant that the Midlands Electricity Board provided our electricity. and Stafford is in England which is a part of Britain and so, naturally, British Gas provided our gas. And British Telecom provided our telephone line. Simple.

Of course that was in the days before such things were privatised. And it was before the internet and mobile telephones were a part of our everyday lives. Nowadays everyone seems to offer everything. Sky TV don't just deliver satellite televison, they're internet service providers. British Gas provide electricity. Marks & Spencers provide gas. Tesco are a bank. And British Telecom are a TV sports channel, a satellite broadcaster, an internet service provider and a hawker of fraud. Admittedly that last one isn't something they do on purpose. But they do it. And - perhaps more to the point - even when they know they're doing it they seem unable to stop it happening.

Allow me to explain...

BT are my internet service provider. I have a btinternet dot com email address. I use my BT email for friends and family and other non-work related stuff. Adverts are a part and parcel of the experience although I don't often see them because I mostly deal with that email address on my desktop computer's mail program. It's only when I log in to webmail that I see the ads. The top of the page looks something like this:

As you can see BT provide their email in collaboration with Yahoo and, at the top of my inbox, there's an ad. It's normally for something innocuous. In the example above it's for Californian holidays. I don't mind that. I do mind when it's an ad for something that's altogether less wholesome... like this next example:

That's an ad for something called The Oxford Method.

... and if you saw the fourth series of Modern Life Is Goodish last year, it might be ringing a faint bell or two.

Because last year, one of the episodes had a section about something called The Brit Method. And also the Aussie Method and the Canuck Method and the Irish Method and a whole lot more.

The Brit Method is a a con that sells the idea that a man has found a foolproof way of investing in Binary Options; a special method that guarantees success and will make anyone a millionaire... and that is mysteriously being offered, for free, to a select few.

All you have to do is invest some money. And then wait until you become rich. Unsurprisingly, there's no such thing as a foolproof way of making millions. People who fall for it will lose their money.

Now, Modern Life Is Goodish isn't Watchdog. We're not there to warn you off these sort of things - it was in the show to make some other point entirely. That said, I'm sure that nobody who saw the show could be in any doubt as to the nature of the thing. (If you're curious to know how and why it appeared in the show the episode is currently available on UKTVPlay, here.)

As you've no doubt twigged by now, The Oxford Method is just another Brit Method clone. I'm used to seeing ads for dodgy offerings such as this on awful clickbait sites and in other dark corners of the internet but I was surprised to see it being advertised somewhere as mainstream as British Telecom's network.

I might be wrong about this, but I reckon BT's history as a fundamental part of British life means they're likely to have an older client base than a lot of other internet providers. They're the trusted British brand that people have known all their lives. They represent 'the establishment' as much as is possible for a company in that business. I reckon a lot of people who find the internet a bit intimidating probably trust BT to deliver the service.

If that is the case then I think it follows that BT's customers are more vulnerable to this kind of con. And I think the BT brand confers a touch of respectability on the ads they carry. Doesn't an ad that appears as part of BT's branded content carry just a bit more authority than one that appears on one of those, "You won't believe what Susan Boyle looks like now" pieces of guff that so litter the information superhighway?

To be clear, I don't think any part of the internet should be carrying ads for this sort of fraud. Of course they shouldn't. But I can't help thinking that if a giant company like BT - who trade on a reputation of trust and respectability - are prepared to run ads of this nature then there's no hope of anyone else acting responsibly. It's like discovering your gran is dealing drugs. You know that people do it. But not her. Surely, not her!

It was July last year when I first saw the ad for the Oxford Method. I can't remember whether it was before or after we'd taped the show with the Brit Method content, but I know it was at a stage when it was too late to go messing around with the material and adding in more details. I knew what the Oxford Method was because of the research I'd been doing for the show - and it may be that the research I had been doing was one of the reasons the ad popped up on my inbox, but even so... if they're serving me the ad, they're serving it to other people too... and they shouldn't be.

It seemed obvious to me that BT weren't aware that this ad was on their network. The ads were probably bought and sold without much human interaction or oversight. I figured that once they discovered the ad was there, they'd remove it immediately. So I sent an email to BT letting them know it was there.

That was on July 4th. I sent it to the email address that shows up online if you search for the CEO of BT, Gavin Patterson because, in my experience, emailing a CEO is a pretty good way of accessing the highest level of technical support. I don't know if Gavin actually reads the emails that arrive at that address or not... but I'm pretty sure there's a team of people employed to respond to them that are more empowered than the regular staff on a regular helpline.

So I emailed Gavin explaining my concerns. And I thought the ads would disappear overnight. Only on July 5th they were still there. And on July 6th too. They did get back to me. On July 6th I spoke on the phone with someone called Michael Todd. He's an Executive Level Technical Complaints man, apparently. He was very polite and seemed genuinely concerned that the ads had been there. I don't remember the details of the call - because I wasn't expecting the thing to drag on and become this sort of a tale - but I'm pretty sure he explained that the ads weren't solicited, were sold via some kind of online auction process. More importantly, I got the impression that they'd now been dealt with.

And then, on the 7th July, I saw another ad for The Oxford Method.

The wording has changed. But even so. If the Executive Level Technical Complaints people aren't capable of blocking ads for a given name, something has to be amiss. If it takes them three days to try - and still they fail - then that's three days in which I think they can - and should - be held responsible for the ads.

If the people behind the ad are changing the wording in order to get around the block, doesn't that suggest that the ad is worth their while? And doesn't that suggest that a BT customer or two have fallen for it? Of course, I can't
prove that someone fell for it, but I can't see why the scammers would persist if it wasn't a fruitful route for them, so it's surely a strong possibility.
And that seems like an awful thing to have on one's conscience.

Anyway.
It was a busy time and I thought little more about it. I happily
assumed that BT had got to grips with the issue. And for all I know they had. I was at home a lot more and so I had little or no need for webmail and so I wasn't seeing the space where the ads appear.

But then, on February 1st
- nearly 7 months after our first exchange of dialogue on the subject -
I saw another dodgy ad at the top of my BT mail. This time it wasn't
for The Oxford Method. It was for The Brit Method.

So I emailed Gavin again. And again, Michael Todd was the man to reply. On February 3rd he explained that the scammers had got through by changing the name of the con. Which makes sense from one point of view. But is also basically admitting that the system is very easily abused that they're powerless to prevent it. In which case, I wonder if the system is fit for purpose?

We exchanged a couple of emails and on February 8th (Wednesday) Michael wrote telling me that he'd get back to me by the end of the week.

I
didn't give him the time to do so... because I spent Thursday and
Friday letting him know about other Binary Options scams being
advertised on BT. Like this one:

This is even more alarming when I know that the bosses are aware of the problem and are trying to stop it. Especially given that they've explained they have category blocks and word blocks and other systems in place... because this means that words like "Increase your income" and "gets rich" and "over £10,000" aren't setting off any alarm bells...

Yes, those words could be used in a legitimate ad... but how often are they? And wouldn't having oversight of just those ads at least be possible?

Oh... and there was also this:

Which landed on this page of obviously fake newsiness about "secret money systems" and of-its-time references to the "political elite getting nervous about this secret getting out". Which tells you all you need to know about who this ad is aimed at. It's the already-feeling-beaten-up-by-life folks they're trying to seduce. It's the already-shafted who might end up getting shafted further.

And those are just the two I saw on the 9th. On the 10th, I also let him know about this little lot...

... so that's DiCaprio,
Dwight, Stallone, Winfrey and Hewson all dragged into this. It seems it's not just businessmen from
popular culture... anyone from pop culture is up for grabs.

(Incidentally,
while this is far from the biggest issue here... I reckon DiCaprio, Dwight,
Stallone, Winfrey, Hewson, Bannatyne and Branson would all be rightly irked to discover their names and faces are being abused to
help con people in this way... I wonder, what, if any recourse is available to them?)

All of these ads pointed to fake facebook pages using the domain fb dash biz dash news dot com... :

All these pages are essentially the same - if you click on the pictures they should enlarge enough to make the text legible.

Personally, I'm most fascinated by this man...

He seems to be the closest friend of all five of these hugely famous showbiz legends. It's quite a feat for someone to be quite so well connected!

Especially when his un-pixellated face reveals him to be the Cyprus Government Spokesperson and Director of the Diplomatic Office of the President of the Republic of Cyprus, Nikos Christoulidis

You think he'd have enough on his plate dealing with Cypriot politics without finding time to hobnob with the stars.

Hmmm... maybe he isn't their closest friend after all. Maybe some crooks have just stolen his photo online and stuck it in their fake facebook page to make it look a bit more real somehow.

I've exchanged plenty of emails with BT about these ads which continued to appear on my email for a good few days. I can't think of a good reason why an ad pointing to fb dash biz dash news dot com should be appearing on BT's network a day after BT know about the problem.. let alone two or three days after. But they were.

I asked Mr. Todd (Executive Level Technical Complaints, BT) if it was okay for me to quote our email exchange in this blog and he replied to say that it wasn't and that the information he'd given me was for my private use only. Although I'm not sure if I'm really allowed to tell you that as it was a part of the email exchange that I now know was for my eyes only.

But then it's not as if I have much information from him that I could not divine from the situation. It turns out - I believe - that the Oxford Method/Brit Method ads were all from one advertiser and that they have now been blocked. Which rather begs the question: why didn't they block them in July last year... why were they still allowed to be posting adverts seven months after they were first discovered.

Really the only information I have is that a lot of these ads have been getting through. And days after BT acknowledges them - and sometimes, days after BT tells me they've dealt with them - they still get through.

I know that nobody vets the ads before they go into the system... but I find it utterly bamboozling that everyone accepts this as the status quo. The advertising world has made a technological leap that streamlines the process and reduces the cost and that is just how it is. But the consequence of it appears to be that there is little anyone can do to prevent it from being abused by people who are trying to con the vulnerable. And that's a consequence that ought to make everyone involved a little uncomfortable.Isn't it?

And you can't have it both ways. BT makes in excess of 2 billion pounds a year. Either the ads are
profitable enough to afford human oversight. Or they're not profitable
enough to bother with at all.

Maybe they'd say that this new system allows for huge numbers of advertisers to push ads to fewer people? And maybe that makes human oversight impossible because of the sheer numbers of ads involved? In which case, don't accept the status quo. It means the system doesn't work. Implement a system where new advertisers have to go through some vetting that established advertisers don't have to endure. But make it a privilege that can be revoked. I don't understand the world in which a corporate giant just shrugs its corporate shoulders and accepts that they'll occasionally be used to advertise fraud.

Oh, incidentally... the CEO of BT, Gavin Patterson used to be the President of The Advertising Association. As I type this, Wikipedia still says that he is...

As it goes, his presidency ended a few years ago, but I'd like to think that an ex-President remains as committed to the aims of the group as anyone else. And according to Wikipedia, the role of the Advertising Association is...

"to promote and protect advertising in the UK by creating and maintaining a climate of responsibility amongst advertising practitioners, encouraging moderation from regulators and building trust with consumers"

Way to go, Gavin.

I suppose there's something broader at work here - something that is an internet-wide problem. Sites like Twitter, Facebook, Youtube and Flickr etc would be unable to function if they had to take legal responsibility for every tweet, post, video and photo that was uploaded to their site. It's not possible to check every bit of content before it's published.

And so, by analogy, maybe we have to accept that in this democratised, online world of ours, companies like BT and Yahoo just can't be held legally responsible for the ads they carry because they work in the same way. But there is a counterweight to that situation - and that's a responsibility to remove inappropriate content in a timely fashion the moment they are aware of it.

I might be wrong, but I can't see anywhere on the BT/Yahoo mail page that acknowledges there's even a possibility that fraudulent ads might appear there or that explains a quick and easy way to report one. And my experience demonstrates that they're simply not able to act quickly enough when they are aware. Ads like these simply shouldn't still be in the system days after a company knows about them.

I know this is an extremely long post. And I don't know what I hope to achieve by it... but I can't help thinking that the idea that online-fraud is just one of those things we have to accept is just bizarre. And if a company with the clout of BT is unable to deal with it properly... then who the hell can?

PS: a couple of days after I emailed Michael Todd and asked if I could quote our email chain on my blog I was contacted by someone called Charles Stewart who works for Yahoo PR in the States. He asked if we could have an off-the-record chat about it all. I wrote back explaining that I'd love to chat but that I didn't want to make it off-the-record. It seems to me that what's needed is more transparency here, not less... That was six days ago. He hasn't got back to me yet.

It's only fair to point out that in those past six days I haven't seen a dodgy ad on my BT/Yahoo webmail page.

But today, on Yahoo's home page, I saw this...

... which is an ad for - drum roll please - The Brit Method. The website it takes you to isn't some new URL that could have easily slipped past their radars... it's Brit dash Method dot com.

Which, by my reckoning, means one of two things.
1: Yahoo and BT are aware of this issue, are trying to stop these ads and are still failing
2: Yahoo and BT are aware of this issue, have successfully stopped these ads from appearing on their shared webmail page, but are happy to allow ads they know are fraudulent to appear elsewhere.

I'm not sure either of those casts them in a flattering light...

************************UPDATE************************Last night - after posting this, I checked my email on an ipad... and the ad for the Brit Method was there also...

I'm surprised you didn't pick up on the glaringly obvious error in the "Visit California" ad: "Have your camera's at the ready". Don't these people know that for every misuse of the apostrophe, a kitten dies?

There has to be some way to filter these things. They do it with photos. Silly grandma post picture of a naked baby in a bath, and wham it's gone. Surely the rules to removing adverts could be adapted for words as well as pictures.

Of course in the dark corners of the interweb these so called money makers could be paying BT to carry their ads.

Privatization, while it has, yes, led to this kind of thing, has also been responsible for the huge boom of telecoms services (esp in mobile) at lower prices, esp compared to that of a state monopoly. And it's because BT is concerned with its reputation, that did used to be synonymous with trust, that you're able to hold them to public account.

Part of the reason BT find it so difficult to fix this is partly because it's no longer economical for them to offer their own e-mail services - they partner with/outsource to Yahoo, so they have less capital outlay, and they don't have to manage the day to day operations of an e-mail service (Yahoo benefits from scale in a way BT would not).

The ads are being served on Yahoo's platform, not BT's. BT is the brand slapped on the e-mail service, much they way my "Westinghouse" TV is a brand name for a Chinese OEM. So when BT tries to fix this, they have to play whack-a-mole, and not on their own system - they have to wrestle with Yahoo. And while I don't know this for sure, what's likely making this difficult is how Yahoo has set up their blacklist to filter out "bad ads". And BT is not the expert at using these - Yahoo is supposed to be...

What would make the most sense is for Yahoo to ban this at the payment source level - blocking credit cards and account numbers for people who post these ads. Those at least are not as easy to recreate new ones as it is to buy a new URL, or play the magic words test with a blacklist. But Yahoo has a financial dis-incentive to do this (which is not to say they have not done it, or would not), since it would cost them (not trivial) development money, while stopping revenue coming in from bad ads.

I'm sure you know this, but online ads are one of the most common ways credit card fraudsters "launder" money. They get stolen card numbers, and monetize them by buying online ads that point to scams. (if they shipped things to their home, they would get caught...)

There's so much about digital advertising that is wrong - or at least, is still the wild west.

As others have said, this is likely to be down to Yahoo's ad platform not blacklisting advertisers properly.

Of course once upon a time, if you were a dodgy company with a fake business, then you'd have been turned away by the media outlet when you phoned up and tried to place an advert for your obviously dodgy business.

But these days, ads are traded practically blindly, and as you've seen, it's far too easy to get dubious ads through to otherwise big-name sites.

And it's far too easy for the media owners themselves to abrogate responsibility. They certainly run the risk of reputational damage, but not really much beyond that. Compare and contrast with, say, a broadcaster like Dave. If they ran a dodgy ad, then they are in fact responsible for it, and ultimately it could cost them their broadcast licence. (There's actually a group called the BACC who clear ads prior to broadcast, precisely to prevent this scenario.)

There are things called whitelists and blacklists that should be able to minimise this kind of thing. I suspect, but don't know, that Yahoo is mostly using "blacklists." Errant advertisers get added to the blacklist, but everyone else gets published regardless. But they could choose the more conservative "whitelist" approach - ie the site has a predetermined list of advertisers they will accept. Anyone new has to jump through a couple of hurdles before they're added to that list.

Of course, if you only use a whitelist, then you're potentially turning away revenue since there may be honest advertisers who don't want to bother jumping through your hoops, and just spend their money elsewhere.

Incidentally, this all works the other way around, with advertisers also sometimes ending up places they really wouldn't like to be. See the recent story in The Times about Jaguar Land Rover ads "funding terrorist websites."

It often feels like the digital advertising industry still has a lot of growing up to do, and that we're still in the era of snake oil salesmen advertising their patent remedies in newspapers at the turn of the last century.

In the meantime, if you've not read it, The Ad Contrarian is always an entertaining read. And a recent speech from a senior P&G exec made the digital advertising industry really sit up.

(And yes, I did see your recent Twitter conversation about a Guardian ad too!)

@Subtitles: You're quite right. But as the emails I'm not supposed to quote make it perfectly clear, these ads breach Yahoo's policies also. And a big part of the problem that's led to these things being so tolerated is the idea that everyone has plausible deniability because this and that are outsourced. It's nonsense. Their name is on it. So is Yahoo's. They both have to take responsibility for it - and if BT are unable to do so, partnering with Yahoo was the wrong way to go.

Any other way you process the information you arrive at the conclusion "this is the economically most advantageous way to behave... and we accept that as a result of this decision, some of our customers will be defrauded."

@Adam Bowie: I agree entirely. But the industry arguing that online ads are traded blind these days and so we just have to suck it up is a nonsense... they don't have to, they have to take responsibility for it. If that's how ads are traded that's one thing... but if they accept that they have to resource the reporting and removal of dodgy ads properly.

And the evidence here suggests that they either can't do it or that they can but don't. Why would ads pointing to a known URL still be on the network days after they knew about it?

How have they been able to block the dodgy ads from BT/Yahoo mail... but not from Yahoo.co.uk? Are they selectively blocking them from one location? That would mean knowing the stuff is fraudulent and turning a blind eye to it in certain places?

As a small business owner I advertise on Facebook and your ad has to be approved before it goes live. So if they can vet ads I am sure BT/Yahoo can do something similar. That said it doesn't stop someone posting scams and other more vulnerable people sharing them...

Thanks for this Dave, I get sick of seeing adverts for the x method, they sadly however do work, I researched one (then your program made my research look like a pre-school project) and I can see many peeps falling for this especially when on a BT network

An excellent look at this issue. I turn my ad blocker off on certain sites (usually newspapers) but it's ad-tat like this that makes me feel justified in using it for most sites. The online ad industry needs to find some way of putting quality control in, and I think you're approach of using BT to put pressure on Yahoo is a good one.

@Robin mentioned that there are times when poor grammar/spelling in these scams can be there to filter out time wasters. There's a fascinating Freakonomics podcast on this. I'll link to it below, but in case the link is filtered out it's called 'What Do King Solomon and David Lee Roth Have in Common?'

I'm seeing this sort of thing more and more in my Facebook feed, and call me naive, but I thought FB would be filtering out any adverts that link to scam pages or those with malware attached, but noooo. There's an advert for a macintosh clean up advice page which inserts malware frequently advertised on FB.

I agree with you that either the companies raking in the income from these ads should be policing it, or they should not be running random ads and also agree that the profile of the average BT customer is likely to be older and more vulnerable to this sort of scam. They have a duty of care with their services and we should be able to hold them to account. Does Offcom have any role in this?

There's a whole other kettle of worms in the mobile industry too - my mother responded to an ITV competition and was left with a recurring £5 charge on her mobile bill that Virgin refused to stop, even though she hadn't knowingly signed up for anything. The only way to stop it was to change providers, and so she is now a happy customer of GiffGaff.

Very tempted to take out an ad with Yahoo targeted at mid-40s males working in media and entertainment, based in London who enjoy cycling, and use BT Internet, advertising The Gorman Method, with Dave's face on it...